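<?php
/**
 * Admin page: user list, search, edit and delete (u_manage).
 *
 * Flow: require an admin session, apply an optional `edit` or `del` action,
 * then build the (optionally filtered) paged user list that the a_u_manage
 * template renders. Request parameters are pulled into globals by
 * getMyParam(), which lives in common.inc.php and is not visible here.
 */

require_once '../include/common.inc.php';

// Only admins may reach this page; everything below assumes an admin session.
if (!checkAdmin()) {
    header('Location: index.php');
    exit;
}

$menu_index = 2;
$page_title = 'JANSEN';
$guide_message = 'User | User Manage';
$out_ary = array();
$alert_message = '';

$key = "Enter email or name...";
getMyParam('action');
getMyParam('key');

// NOTE(review): the $db wrapper's escape / prepared-statement API is not
// visible from this file, so request values interpolated into SQL below go
// through addslashes() as a minimum. This assumes getMyParam() does not
// already escape for SQL — confirm against common.inc.php; if it does, drop
// the addslashes() calls here. Either way the driver's own escaping or
// prepared statements are the proper replacement.

if ($action == "edit" || $action == "del") {
    if ($action == 'edit') {
        getMyParam('uid');
        getMyParam('name');
        getMyParam('truename');
        getMyParam('email');
        getMyParam('tel');
        getMyParam('fax');
        getMyParam('user_type');

        // A user id is only ever a positive integer; reject anything else
        // (is_numeric() would also accept floats and exponent notation, and
        // the raw string was being interpolated into the WHERE clause).
        $uid = filter_var(
            isset($uid) ? $uid : '',
            FILTER_VALIDATE_INT,
            array('options' => array('min_range' => 1))
        );
        if ($uid !== false) {
            if (strlen($name) < 2 || strlen($name) > 32) {
                $alert_message = 'Your name must be between 2 and 32 characters.Update failed';
            }
            if (strlen($truename) > 60) {
                $alert_message = 'Your True name must be no more than 60 characters.Update failed';
            }
            // Anchored so the whole value must be an address, not merely
            // contain one somewhere inside arbitrary text.
            if (!preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/i", $email)) {
                $alert_message = "Invalid Email.Update failed";
            }
            if (strlen($tel) > 60) {
                $alert_message = 'Your tel name must be no more than 60 characters.Update failed';
            }
            if (strlen($fax) > 60) {
                $alert_message = 'Your fax name must be no more than 60 characters.Update failed';
            }

            // Only the last failing check's message survives; a failed
            // validation falls through and renders the page with $alert_message.
            if ($alert_message == "") {
                // NOTE(review): $user_type is written unvalidated; whether it
                // should be restricted to a fixed set of values cannot be told
                // from here — confirm against the `type` column's meaning.
                $sql = "UPDATE `user` SET
                `username` = '" . addslashes($name) . "',
                `name` = '" . addslashes($truename) . "',
                `email` = '" . addslashes($email) . "',
                `tel` = '" . addslashes($tel) . "',
                `fax` = '" . addslashes($fax) . "',
                `type` = '" . addslashes($user_type) . "'
                WHERE `id` = '" . $uid . "'";

                $db->query($sql);
                // Stop here: without exit the list query and the templates
                // below would still run after the redirect header was sent.
                header('Location: u_manage.php');
                exit;
            }
        }
    }

    if ($action == 'del') {
        getMyParam('uid');
        // Same positive-integer rule as for edit.
        $uid = filter_var(
            isset($uid) ? $uid : '',
            FILTER_VALIDATE_INT,
            array('options' => array('min_range' => 1))
        );
        if ($uid !== false) {
            $sql = "DELETE FROM `user` WHERE `id` = '" . $uid . "'";
            $db->query($sql);
            header('Location: u_manage.php');
            exit;
        }
    }
}

$sql_where = "";

$page_url = 'u_manage.php?';
$is_search = ($action == "search" && trim($key) != "");
if ($is_search) {
    // NOTE(review): '%' and '_' in $key still act as LIKE wildcards; that is
    // the existing behaviour and is left as-is — escape them with
    // addcslashes($key, '%_') if literal matching is wanted.
    $key_sql = addslashes($key);
    $sql_where = " WHERE `username` LIKE '%$key_sql%' OR `email` LIKE '%$key_sql%'";
    // The key goes back into a URL, so it must be URL-encoded (this also keeps
    // quotes, '<', '>' and '&' out of the pager's links).
    $page_url = 'u_manage.php?action=search&key=' . urlencode($key) . '&';
}


// *** page code start ***
$sql = "SELECT `id` FROM `user` $sql_where";
$query = $db->query($sql);
$sql_all_num = $db->num_rows($query);

$ppp = 2;
getMyParam('page');
// ispage() (common.inc.php) decides what counts as a valid page; the int cast
// is a belt-and-braces guard since $page ends up inside the LIMIT clause.
$page = empty($page) || !ispage($page) ? 1 : (int) $page;
$start_limit = ($page - 1) * $ppp;
if ($start_limit > $sql_all_num) {
    $start_limit = 0;
    $page = 1;
}

$page_show = getPageStr($sql_all_num, $page, $ppp, $page_url);

// *** page code end ***

$sql = "SELECT `id`, `username`, `name`, `email`, `type`, `lastlogin` FROM `user` $sql_where ORDER BY id DESC LIMIT $start_limit, $ppp";
$query = $db->query($sql);

// The search highlight injects <font> tags into these two columns, so the
// template evidently emits them as raw HTML: escape the stored values (and the
// reflected search key) before any markup is added.
$key_html = htmlspecialchars($key, ENT_QUOTES);
while ($rs = $db->fetch_array($query)) {
    $rs['username'] = htmlspecialchars($rs['username'], ENT_QUOTES);
    $rs['email'] = htmlspecialchars($rs['email'], ENT_QUOTES);
    if ($is_search) {
        $rs['username'] = str_replace($key_html, "<font color=red>$key_html</font>", $rs['username']);
        $rs['email'] = str_replace($key_html, "<font color=red>$key_html</font>", $rs['email']);
    }
    $out_ary[] = $rs;
}



// NOTE(review): debug output is unconditionally enabled on this admin page;
// what debuginfo() prints is defined elsewhere — confirm it is acceptable here.
$debug = 1;
debuginfo();

include_once(JANSEN_ROOT . 'admin/menu_list.php');
require_once PrintEot('a_header');
require_once PrintEot('a_u_manage');
require_once PrintEot('a_footer');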